<?php
require_once('version.inc');
require_once('dbaccess.inc');
require_once('language.inc');
require_once('helper.inc');
require_once('crypt.inc');
require_once('settings.inc');

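// Login handler: looks the submitted user up in the "mitarbeiter" table and,
// when exactly one row matches, checks the lock counter, the privilege level
// and the password hash. When the lookup yields anything other than one row,
// the credentials are checked against the administrative user stored in
// setup/setup.dat instead. On success two cookies carrying the encrypted user
// number and privilege level are set and the start page is rendered.

// Everything in $_REQUEST is untrusted. Missing keys and array-valued
// parameters are mapped to '' so that md5() and the comparisons below always
// operate on strings.
// NOTE(review): reading $_REQUEST means the password is also accepted from
// the query string, where it can end up in server logs and browser history;
// consider reading $_POST only.
$user = (isset($_REQUEST['user']) && is_string($_REQUEST['user'])) ? $_REQUEST['user'] : '';
$pass = (isset($_REQUEST['pass']) && is_string($_REQUEST['pass'])) ? $_REQUEST['pass'] : '';

$db = OpenDB();

// The login name is placed inside a single-quoted SQL literal. The DB helpers
// used in this file take a finished query string, so no bound parameter is
// available here. Names containing a quote, a backslash or a NUL byte are
// therefore never sent to the database and are handled like "no such user".
// A name containing a bare quote made the original statement fail to parse,
// so legitimate logins are not affected by the quote check.
// NOTE(review): the durable fix is a parameterised query (or driver-level
// escaping) inside dbaccess.inc; this guard is a stop-gap at the call site.
$nrow = 0;

if (strpbrk($user, "'\\\0") === false) {
   $query = "select mi_userid, mi_passwd, mi_num, mi_vname, mi_nname,";
   $query .= "mi_rstufe, mi_hacker from mitarbeiter where mi_userid = '$user'";

   if ($result = QueryDB($db, $query))
      $nrow = numrowsDB($result);
}

if ($nrow != 1) {
   // No unique database user: fall back to the administrative account from
   // the setup file. A missing file or missing keys must fail the login
   // rather than compare against null.
   $ini_array = parse_ini_file("setup/setup.dat");
   $suser = (is_array($ini_array) && isset($ini_array['suser'])) ? (string)$ini_array['suser'] : null;
   $passw = (is_array($ini_array) && isset($ini_array['password'])) ? (string)$ini_array['password'] : null;
   // NOTE(review): passwords are stored and checked as unsalted MD5. Moving
   // to password_hash()/password_verify() requires migrating the stored
   // values and is not attempted here.
   $pw = md5($pass);

   // Strict comparison: with "==" two different hex digests that both look
   // like numbers (e.g. "0e" followed by digits) compare as equal.
   if ($suser !== null && $passw !== null && $user === $suser && $passw === $pw) {
      $headline = 4;
      $menu = 4;
      $rstufe = 0;
      $unum = 0;
      $cunum = encrypt($unum);
      $crstufe = encrypt($rstufe);
      // NOTE(review): identity and privilege level live in client-side
      // cookies; their integrity depends entirely on encrypt() in crypt.inc,
      // which is not visible here. HttpOnly keeps them away from page scripts;
      // path, domain and the secure flag are left at their previous defaults.
      setcookie("TPMunum", $cunum, time()+86400, "", "", false, true);
      setcookie("TPMrstufe", $crstufe, time()+86400, "", "", false, true);
      $login = 1;
      Journal(400, "login.php: User: 0 = Verwaltungsuser", $db);
      require('header.inc');
      require_once('menu.inc');
// Here we can insert a splash screen, if we want to.
      require('start.inc');
   } else {
      require('header.inc');
      echo "<td></td></tr></table></td></tr></table>\n";
      Error(GetMessage($db, 216, "Ung&uuml;ltiger Benutzername oder Passwort!\n"));
      echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";
      echo "<input type=\"hidden\" name=\"headline\" value=1>\n";
      Button(GetMessage($db, 217, "Weiter -->"), "error");
      echo "</form>\n";
      closeDB($db);
      require('footer.inc');
      exit;
   }
} else {
   // Exactly one database row matched the login name.
   $data = fetchDB($result, 0);
   $suser = (string)$data[0];
   $passw = (string)$data[1];
   $unum = $data [2];
   $vname = $data[3];
   $nname = $data[4];
   $rstufe = $data[5];
   $hacker = $data[6];
   $pw = md5($pass);

   // Accounts whose mi_hacker counter reached 3 are locked out.
   // NOTE(review): this message is shown before the password is checked, so
   // it confirms that the account exists and is locked to anyone who knows
   // the login name.
   if ($hacker >= 3) {
      require('header.inc');
      echo "<td></td></tr></table></td></tr></table>\n";
      echo "<p>Sie haben mehrfach versucht dieses System illegal zu\n";
      echo "manipulieren und wurden daher <b>gesperrt</b>!<br>\n";
      echo "Um wieder freigeschalten zu werden, wenden sie sich bitte\n";
      echo "an den <b>Systemadministrator</b>!</p>\n";
      Journal(403, "login.php: User: $unum = $nname $vname", $db);
      closeDB($db);
      require('footer.inc');
      exit;
   }

   // Privilege level 5 is refused; otherwise name and password hash must
   // match exactly. Strict string comparison avoids PHP's numeric-string
   // juggling on the hex digests.
   if ($rstufe == 5 || $user !== $suser || $passw !== $pw) {
      require('header.inc');
      echo "<td></td></tr></table></td></tr></table>\n";
      Error(GetMessage($db, 216, "Ung&uuml;ltiger Benutzername oder Passwort!\n"));
      echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";
      echo "<input type=\"hidden\" name=\"headline\" value=1>\n";

      // Journal the failed attempt only when the login name itself was valid.
      if ($user === $suser)
         Journal(402, "login.php: User: $suser", $db);

      Button(GetMessage($db, 217, "Weiter -->"), "error");
      echo "</form>\n";
      closeDB($db);
      require('footer.inc');
      exit;
   }

   $headline = 3;
   $menu = 1;
   $cunum = encrypt($unum);
   $crstufe = encrypt($rstufe);
   // Same cookie attributes as for the administrative login above: HttpOnly
   // added, everything else at its previous default.
   setcookie("TPMunum", $cunum, time()+86400, "", "", false, true);
   setcookie("TPMrstufe", $crstufe, time()+86400, "", "", false, true);
//   $login = 1;
   require('header.inc');
   require_once('menu.inc');
   // Pass the connection like every other Journal() call in this file; the
   // successful-login entry was the only one issued without it.
   Journal(400, "login.php: User: $unum = $nname $vname", $db);
// Here we can insert a splash screen, if we want to.
   require('start.inc');
}

//closeDB($db);
require('footer.inc');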
?>
